CMS GDPR Security Policy Statement

CMS SupaTrak (CMS) business and information assets are primary resources upon which we and our customers depend for our present and future prosperity. CMS continues to place security of these assets at the heart of our business approach and philosophy, ensuring that our product and services offerings are delivered to our customers in a secure, consistent and cost-effective manner.

In exercising our responsibility to our stakeholders, we have taken all reasonable and appropriate measures to ensure that these assets are safeguarded from threats and vulnerabilities, and that business damage is prevented by minimizing the impact of security incidents.

We are committed to ensuring that the sensitive information entrusted to our care by our customers is protected from unauthorised or accidental modification, loss, leakage or theft. Responsibility rests with all CMS employees to ensure that security is built in to the way we operate, and is inherent in the products and services we deliver to our customers.

CMS has implemented a Business and Information Security Management System (BISMS), and will maintain budgets, plans and resources to sufficiently support this system, as appropriate to the prevailing or perceived levels of risk, whilst considering business trading conditions.

CMS BISMS is built upon a framework of information security management best practice based on ISO 9001 and the GDPR Best practise and procedures.

This takes a holistic approach to security across the organisation including:

Establishment of security policy and organisational structure

Security in the management of assets

Human resources security

Physical and environmental security

Security in operations management

Logical access control to systems and networks

Security in the acquisition, development and maintenance of software and tools

CMS will regularly review the effectiveness of our BISMS to ensure that levels of confidentiality, integrity, and availability are maintained, and that the business continues to operate in a manner that complies with our legal and statutory obligations.

Any queries on the control, management, security, storage, dissemination and deletion of data should be addressed initially to the CMS SupaTrak Data Protection Officer – john.lancaster@supatrak.com